Report - Bur_Oil_Company.zip

ZIP Format
Created          2023.10.12 10:34 (sandbox machine s1_win7_x6402)
Filename         Bur_Oil_Company.zip
Type             Zip archive data, at least v1.0 to extract
AI Score         Not found
Behavior Score   1.6
ZERO API (file)  clean
VT API (file)    1 detected (probably a variant of Win32/Rugmi)
md5              7981e2f467362b08d22fad773e24df3b
sha256           3ccf4a79e6dc06def1c928e1378a9ea64274089d0d6c4da758d0c9acab20324e
ssdeep           49152:0Y+ACumdRqBUaTKb2ZrpuoFsncXjkBTRlCHkH9MEniWm:0PxJowb2dphFsnmjkBTiHkH9DY
imphash          (none: import hashes are computed from a PE import table, and this sample is a ZIP archive)
impfuzzy         (none: same reason)

Signature (4cnts)

Level Description
notice File has been identified by one AntiVirus engine on VirusTotal as malicious
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method

Rules (1cnts)

Level Name Description Collection
info zip_file_format ZIP file format binaries (upload)

Network (3cnts)

Request                             CC  ASN            IP4            Rule  ZERO
http://teleportfilmona.online/api   US  CLOUDFLARENET  172.67.165.34  -     clean
teleportfilmona.online              US  CLOUDFLARENET  172.67.165.34  -     clean
172.67.165.34                       US  CLOUDFLARENET  172.67.165.34  -     clean

The domain resolves into CLOUDFLARENET, a shared reverse-proxy range, so the IP address on its own is a weak indicator; the domain and the full POST URL are the indicators worth pivoting on.
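The report above lists file hashes and network indicators but does not show how to use them. The following is an added example (not part of the sandbox report or of any tool it references) that turns those indicators into two checks: a hash comparison for a local file, and a scan of proxy-log lines for the C2 domain, URL and IP. The log format and the log lines are constructed for the example; the indicator values are copied from the report. IP-only hits are rated low confidence because the address belongs to CLOUDFLARENET, a shared range.

```python
"""IOC triage built from the indicators in the Bur_Oil_Company.zip report.

Added example, not part of the sandbox report. Indicator values are taken
from the report; the proxy-log format and sample lines are constructed.
"""
import hashlib
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# File indicators copied from the report.
FILE_IOCS = {
    "md5": "7981e2f467362b08d22fad773e24df3b",
    "sha256": "3ccf4a79e6dc06def1c928e1378a9ea64274089d0d6c4da758d0c9acab20324e",
}

# Network indicators copied from the report's Network section.
NETWORK_IOCS = {
    "urls": {"http://teleportfilmona.online/api"},
    "domains": {"teleportfilmona.online"},
    "ips": {"172.67.165.34"},  # CLOUDFLARENET: shared infrastructure, weak on its own
}

# Constructed sample log lines in a simplified, squid-like layout (assumption):
#   <unix_ts> <client_ip> <method> <url> <status>
LOG_LINES = [
    "1697077800.123 10.0.0.15 POST http://teleportfilmona.online/api 200",
    "1697077801.456 10.0.0.15 GET http://example.com/index.html 200",
    "1697077802.789 10.0.0.22 GET http://172.67.165.34/api 404",
    "1697077803.001 10.0.0.30 CONNECT update.microsoft.com:443 200",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$"
)


def file_hashes(data: bytes) -> dict:
    """Return md5 and sha256 hex digests of the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_file_ioc(data: bytes) -> bool:
    """True when the sha256 equals the report's sha256.

    sha256 is the deciding match; md5 is only corroboration because md5
    collisions are practical and a md5-only match should not drive a verdict.
    """
    return file_hashes(data)["sha256"] == FILE_IOCS["sha256"]


def classify_request(url: str) -> Optional[str]:
    """Classify one requested URL against NETWORK_IOCS.

    Returns 'url', 'domain', 'ip' or None, checked from most to least specific.
    """
    if url in NETWORK_IOCS["urls"]:
        return "url"
    # CONNECT lines carry "host:port" without a scheme; add one so urlparse
    # yields the hostname rather than treating the string as a path.
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    if host in NETWORK_IOCS["domains"]:
        return "domain"
    if host in NETWORK_IOCS["ips"]:
        return "ip"
    return None


def scan_proxy_log(lines: List[str]) -> List[Tuple[str, str, str, str, str]]:
    """Return (client, method, url, kind, confidence) for every IOC hit.

    URL and domain hits are 'high' confidence; an IP-only hit is 'low'
    because the address is a shared Cloudflare edge and will also serve
    unrelated sites.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        kind = classify_request(m["url"])
        if kind is None:
            continue
        confidence = "high" if kind in ("url", "domain") else "low"
        hits.append((m["client"], m["method"], m["url"], kind, confidence))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(LOG_LINES):
        print(hit)
```

To check a real file, read it as bytes and pass it to matches_file_ioc; the ssdeep value in the report is not handled here because fuzzy-hash comparison needs the ssdeep library, and a ZIP container's fuzzy hash says little about the payload inside it anyway.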

Suricata ids
